Remove effective roles filtering to avoid inconsistency (#28099)
* Changed effective roles filtering method Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com> * Adjusted remaining endpoints Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com> --------- Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com>
This commit is contained in:
parent
a918eb1e30
commit
f4178bfa26
1 changed files with 5 additions and 7 deletions
|
@ -60,7 +60,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
|
||||||
this.auth.clients().requireView(clientScope);
|
this.auth.clients().requireView(clientScope);
|
||||||
return toSortedClientRoles(
|
return toSortedClientRoles(
|
||||||
addSubClientRoles(clientScope.getScopeMappingsStream())
|
addSubClientRoles(clientScope.getScopeMappingsStream())
|
||||||
.filter(auth.roles()::canMapClientScope));
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
@ -90,7 +90,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
|
||||||
auth.clients().requireView(client);
|
auth.clients().requireView(client);
|
||||||
return toSortedClientRoles(
|
return toSortedClientRoles(
|
||||||
addSubClientRoles(client.getScopeMappingsStream())
|
addSubClientRoles(client.getScopeMappingsStream())
|
||||||
.filter(auth.roles()::canMapRole));
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
@ -120,7 +120,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
|
||||||
auth.groups().requireView(group);
|
auth.groups().requireView(group);
|
||||||
return toSortedClientRoles(
|
return toSortedClientRoles(
|
||||||
addSubClientRoles(addParents(group).flatMap(GroupModel::getRoleMappingsStream))
|
addSubClientRoles(addParents(group).flatMap(GroupModel::getRoleMappingsStream))
|
||||||
.filter(auth.roles()::canMapRole));
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
@ -154,7 +154,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
|
||||||
user.getGroupsStream()
|
user.getGroupsStream()
|
||||||
.flatMap(g -> addParents(g))
|
.flatMap(g -> addParents(g))
|
||||||
.flatMap(GroupModel::getRoleMappingsStream)))
|
.flatMap(GroupModel::getRoleMappingsStream)))
|
||||||
.filter(auth.roles()::canMapRole));
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
@ -179,9 +179,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
|
||||||
auth.roles().requireList(realm);
|
auth.roles().requireList(realm);
|
||||||
final RoleModel defaultRole = this.realm.getDefaultRole();
|
final RoleModel defaultRole = this.realm.getDefaultRole();
|
||||||
//this definitely does not return what the descriptions says
|
//this definitely does not return what the descriptions says
|
||||||
return toSortedClientRoles(
|
return toSortedClientRoles(addSubClientRoles(Stream.of(defaultRole)));
|
||||||
addSubClientRoles(Stream.of(defaultRole))
|
|
||||||
.filter(auth.roles()::canMapRole));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private Stream<RoleModel> addSubClientRoles(Stream<RoleModel> roles) {
|
private Stream<RoleModel> addSubClientRoles(Stream<RoleModel> roles) {
|
||||||
|
|
Loading…
Reference in a new issue